A European Community Framework For Electronic Signatures

On 13 December 1999 the European Parliament passed Directive 1999/93/EC on a Community framework for electronic signatures in e-commerce. It is due to be implemented in the UK by 19 July 2001. The declared aim of the Directive 'is to facilitate the use of electronic signatures and to contribute to their legal recognition'. The Directive establishes a legal framework for electronic signatures and certain certification-services in order to ensure the proper functioning of the European on-line internal market.

The Validity Of E-Contracts

At the heart of the Directive is the issue of the legality of e-contracts and, accordingly, there is a need to establish a legal basis to them. A large part of that legal basis is the recognition that needs to be afforded to electronic signatures and the need to have properly constituted certification authorities.

The Need for Digital Signatures1

Up to recently, most B2B electronic transactions were fairly satisfactorily conducted through closed networks known as 'electronic data interchange' or EDI. However, with the unbridled growth of the Internet there has arisen an intricate net of business operations involving a multitude of participants, to the extent that the EDI system has to give way to an open system, which is the Internet itself. In order for it to work effectively, trust and confidence between the participants is essential. One must know who one is dealing with over the net and must be sure that the other party is indeed who he says he is! It is necessary, therefore, to employ secure technologies like digital signatures and establish consistent legal regimes to underpin their use.

How Digital Signatures Must Work

In order for digital signatures to work effectively (i.e. give participants in e-commerce confidence in it), they must not only be able to unequivocally confirm the identity of the other party, but also authenticate and bear out the integrity of the e-document. In some respects, digital signatures are uniquely verifiable and cannot be repudiated. This is because on a 'computer-to-computer' basis, 'digital handshakes' can ensure that the parties are who they say they are.

The Problem With Digital Signatures

However, digital signatures are subject to a fatal flaw: they can be subjected to what is known as 'signature stripping'. A digital document is nothing more than a series of bits that can be read by a computer and then converted into human readable language. A digital signature...